Category
Security
Release Phase
Resolved
ProductSun Update Connection - System
Solaris 10 Operating System
Bug Id
6304563
Date of Resolved Release07-DEC-2005
Impact
Solaris 10 with Sun Update Connection Services, a web proxy password may be visible to unauthorized local users on the affected system and also in the web proxy log files at the web proxy server. In addition, this issue prevents Sun Update Connection from authenticating to the web proxy server.
Sun Acknowledges with thanks Nicholas Brealey of Culham Electromagnetics and Lightning for bringing this issue to our attention.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 with patches 119107-01 through 119107-03 and without patch 119107-04
x86 Platform
- Solaris 10 with patches 119108-01 through 119108-03 and without patch 119108-04
Note: This issue occurs only when Sun Update Connection is configured to use a web proxy with password authentication enabled.
Symptoms
Sun Update Connection with proxy authentication enabled does not work. Password may be visible in web proxy log files.
Workaround
There is no workaround for this issue. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 119107-04 or later
x86 Platform
- Solaris 10 with patch 119108-04 or later
Note: Your web proxy password may have been compromised. It is advisable to change your web proxy password
References
119107-04
119108-04
AttachmentsThis solution has no attachment